IBM Security Verify

Hi all,

what is the best way to have a log of requests processed by SCIM?

I turned on the trace "com.ibm.isam.scim. * = ALL" but writes too much and does not however give the information inherent to the operation carried out (creation, deletion, modification of attributes).

Any suggest?

Thanks in advance

------------------------------
Patrizio Spadavecchia
------------------------------

no answer / suggestion?

Thanks

------------------------------
Patrizio Spadavecchia
------------------------------

Original Message:
Sent: Wed May 06, 2020 12:13 PM
From: Patrizio Spadavecchia
Subject: SCIM Logging

Hi all,

what is the best way to have a log of requests processed by SCIM?

I turned on the trace "com.ibm.isam.scim. * = ALL" but writes too much and does not however give the information inherent to the operation carried out (creation, deletion, modification of attributes).

Any suggest?

Thanks in advance

------------------------------
Patrizio Spadavecchia
------------------------------

.

You have more options. Instead of using ALL, you can control the level of logging with other options. For example FINEST, FINE, etc.
Regarding the operations carried out, I am not sure what you want, but you the scim REST API, are http requests, so if that is what you need, you may find these also in the reverse proxy logs.

------------------------------
Joao Goncalves
Pyxis, Lda.
+351 91 721 4994
------------------------------

Original Message:
Sent: Mon June 07, 2021 06:04 AM
From: Patrizio Spadavecchia
Subject: SCIM Logging

.

Thanks Joao,

in reverse proxy logs i can find requests but not the payload, so it's not possible to understand what operation was done on the data.

I know there are several log verbosity settings for trace logs, but my aim would be to keep track of all the operations performed through this interface.

Thanks

------------------------------
Patrizio Spadavecchia
------------------------------

Original Message:
Sent: Mon June 07, 2021 05:36 PM
From: Joao Goncalves
Subject: SCIM Logging

You have more options. Instead of using ALL, you can control the level of logging with other options. For example FINEST, FINE, etc.
Regarding the operations carried out, I am not sure what you want, but you the scim REST API, are http requests, so if that is what you need, you may find these also in the reverse proxy logs.

------------------------------
Joao Goncalves
Pyxis, Lda.
+351 91 721 4994

Original Message:
Sent: Mon June 07, 2021 06:04 AM
From: Patrizio Spadavecchia
Subject: SCIM Logging

.

Patrizio,

Unfortunately we don't have audit records written for SCIM operations - that probably would have been the best answer.  If you think this would be the right answer then please create  a "Request for Enhancement" to register this requirement. https://www.ibm.com/developerworks/rfe/?PROD_ID=1575

As already discussed, HTTP request log gives some information but not enough to really know what changes were made.

I can think of two ideas:

1. Enable auditing in whatever directory server actually stores the users and groups.  If you BIND to this with a specific user when doing SCIM operations then perhaps you could filter based on that to get just the SCIM operations.

2. Create a "proxy" HTTP service (your own or something in JavaScript using the AAC) which writes audit records before forwarding the requests to the "real" SCIM endpoint.  I'm not sure how easy this would be - just an option.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message:
Sent: Tue June 08, 2021 04:30 AM
From: Patrizio
Subject: SCIM Logging

Thanks Joao,

in reverse proxy logs i can find requests but not the payload, so it's not possible to understand what operation was done on the data.

I know there are several log verbosity settings for trace logs, but my aim would be to keep track of all the operations performed through this interface.

Thanks

------------------------------
Patrizio Spadavecchia

Original Message:
Sent: Mon June 07, 2021 05:36 PM
From: Joao Goncalves
Subject: SCIM Logging

You have more options. Instead of using ALL, you can control the level of logging with other options. For example FINEST, FINE, etc.
Regarding the operations carried out, I am not sure what you want, but you the scim REST API, are http requests, so if that is what you need, you may find these also in the reverse proxy logs.

------------------------------
Joao Goncalves
Pyxis, Lda.
+351 91 721 4994

Original Message:
Sent: Mon June 07, 2021 06:04 AM
From: Patrizio Spadavecchia
Subject: SCIM Logging

.

This post was removed